Stake.com Crypto Casino Hacked for $41 Million
According to reports, Stake.com, one of the world's largest cryptocurrency-accepting online casinos, was recently hacked, and it resulted in an incredible loss of more than $41 million. However, players' funds remained safe.
The licensed casino site initially suspended all registered members from making any deposits or withdrawals. Therefore, people couldn't access any funds they had stored in their accounts on the official Stake.com website for a short period.
The recent hack was initially uncovered in early September 2023 (Monday, 4th) by Cyvers – a cryptocurrency security firm that identified numerous irregular transactions. They could all be traced directly to Stake.com's hot wallet, which is held on the Binance Smart Chain.
Three hours ago, unauthorised tx’s were made from Stake’s ETH/BSC hot wallets.
— Stake.com (@Stake) September 4, 2023
We are investigating and will get the wallets up as soon as they’re completely re-secured.
User funds are safe.
BTC, LTC, XRP, EOS, TRX + all other wallets remain fully operational.
A hot wallet is connected to the World Wide Web and is a tool that can be used for storing and exchanging cryptocurrency as and when the account holder pleases.
On the other hand, cold wallets are not connected to the web. They are completely offline, where crypto is stored safely away from the dangers of internet hackers. Stake.com reserves a small portion of its cryptocurrency in hot wallets.
The Stake.com operator immediately posted on its official X (formerly Twitter) account that their site's hot wallets account had been compromised and multiple unauthorized transactions had been made. This accounted for around $17.8 million of what was stolen by hackers.
🚨@Stake has experienced multiple suspicious outflows on #Ethereum, #BSC and #Polygon.
— Beosin Alert (@BeosinAlert) September 4, 2023
ETH: ~$15.7M
Polygon: ~$7.8M
BSC: ~$17.8M
The total funds were ~$41.35M.
Stay alert! pic.twitter.com/cKBK3kMeUz
However, shortly after the event occurred, they released a further Tweet saying they were conducting a full investigation and would get the digital wallets back up and running properly as soon as they had been completely re-secured. Soon after, the Stake.com operator announced that all deposits and withdrawals were back up and running and that it was business as usual.
They assured everyone that user funds were safe, although this still didn't stop registered members from panicking and wondering if their money was safe.
Stake.com uses Secure Socket Layer (SSL) encryption, which is designed to prevent things like this from ever happening, especially on websites where people process transactions and hold their funds.
However, there is a possibility that the SSL certificate expired, but nothing has been confirmed yet, so there's no point trying to guess what happened. The company has not yet revealed details of the breach or who may have perpetrated the attack.
Towards the bottom of the Tweet, it said that BTC (Bitcoin), LTC (Litecoin), XRP (Ripple), EOS (EOS Network), and TRX (Tron) + all other wallets remain fully operational.
Along with the $17.8 million BSC Binance Smart Chain that was taken, around $7.8 million MATIC (Polygon) and $15.7 million ETH (Ethereum) was also taken from Stake.com's hot wallet.
Since launching in 2017, Stake.com has become one of the world's most well-known crypto casinos. It has become a globally recognized casino brand, thanks to several shrewd sponsorship deals with the likes of English Premier League football club Everton FC, Alfa Romeo F1 Team [Stake], Kun [Sergio] Agüero, rapper Drake, UFC, the Brazil Rugby League, and Boxing in Japan, plus many others.
Stake.com is licensed and regulated in Curacao, and it has thousands of games from over 35 market-leading iGaming software providers. It also has separate sports betting services with competitive odds for over 30 major global sports.
Fortunately, the latest hack did not affect players because of the system it uses to keep players' crypto funds safe. However, it will certainly be an eye-opener for all those involved, including the fully registered members who play casino games and place sports bets here, the company that owns and operates Stake.com - Medium Rare N.V, the licensing authorities, regulators, and iGaming industry in general.
Stake keeps a small portion of its crypto reserves in hot wallets at any given moment for these very reasons.
— Eddie (@StakeEddie) September 4, 2023
All affected wallets should be operational shortly 💚
The thing players need to be aware of is that this is an extremely rare occurrence. With that in mind, players should always avoid playing at unlicensed casino sites that untrustworthy operators control. These are the sites that simply cannot be trusted.
They often do not use trustworthy software, have hardly any website security, have non-existent player support, have terrible customer service, and have no proper recourse should accounts be hacked or funds be stolen. Players should only ever play at trusted sites that are licensed by mid to top-tier licensing authorities.
Also, make sure the website has the necessary/valid SSL encryption certificates, has positive reviews, and is controlled by a renowned iGaming operator with an excellent reputation.
Update: The FBI says that North Korea's Lazarus Group is behind the Stake.com Hack and Crypto theft. More on this story as it develops here on Decrypt.
